Lateral Movement

Lateral movement, or lateral traffic, is a network attacker’s progression through the network once they have breached it. Lateral movement is also known as east-west traffic, indicating horizontal progression through an already-breached network, and contrasts with north-south traffic, or first entering the network. Lateral movement is challenging for organizations to track because once an attacker has entered a network, their traffic appears normal. It’s hard to distinguish between an attacker and authorized users because they’ve already gained access.

Reasons for lateral movement

Attackers can gain initial access to a network using:

  • Employee devices, particularly in the Internet of Things. IoT devices have fewer security protocols than smartphones and computers. If an attacker accesses an IoT device that connects to the company network, they may then be able to thread their way into the network.
  • Company email. Social engineering heavily relies on fraudulent emails, which might ask an employee for their credentials or include malware. Once the attacker has that information, they can proceed into the network as a trusted user.
  • Malicious software installed on a company computer: if an attacker convinces an employee to click a link, malware could install on that computer and then give the attacker a pathway into the network.

Traditional network security doesn’t handle lateral movement well because it doesn’t have good methods of protecting the inside of the private network. Everyone who is allowed through the firewall at the perimeter can then meander through the network at their leisure. This also makes it harder for organizations to find a threat once it’s inside, especially if the attacker has stolen an employee’s credentials. Sorting through all of the data both manually and efficiently is impossible for most IT teams.

Combatting lateral movement with XDR

In traditional network security solutions, separate software and systems are not centralized: they’re siloed. It’s more difficult for a business to manage its network security when multiple applications are analyzing data. A centralized threat detection and response solution that can analyze all the data and notice patterns is a better way to monitor a network.

Extended detection and response (XDR) is one of the best choices for large organizations because it removes the silos between security solutions. XDR monitors all the data from applications and servers. An XDR solution includes automation, which saves IT and engineering teams time.

Some XDR solutions implement machine learning, which studies patterns in data and eventually learns to notice anomalies and prioritize alerts to technology teams, similar to user and entity behavior analytics (UEBA). If trained sufficiently, machines can interpret words and also their context to better understand a situation. If a certain computer, account, or server behaves unusually, a good network detection and response solution will notice that and take proactive measures to find the cause. XDR does not just detect threats but also tracks them and addresses them quickly.

Zero trust and microsegmentation are other technologies designed to limit access in event of a breach or stolen credentials.

Jenna Phipps
Jenna Phipps
Jenna Phipps is a writer for, Enterprise Storage Forum, and CIO Insight. She covers data storage systems and data management, information technology security, and enterprise software solutions.
Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.

Related Articles

Virtual Private Network (VPN)

A virtual private network (VPN) encrypts a device's Internet access through a secure server. It is most frequently used for remote employees accessing a...

Gantt Chart

A Gantt chart is a type of bar chart that illustrates a project schedule and shows the dependency between tasks and the current schedule...

Input Sanitization

Input sanitization is a cybersecurity measure of checking, cleaning, and filtering data inputs from users, APIs, and web services of any unwanted characters and...

IT Asset Management Software

IT asset management software (ITAM software) is an application for organizing, recording, and tracking all of an organization s hardware and software assets throughout...


ScalaHosting is a leading managed hosting provider that offers secure, scalable, and affordable...


Human resources information system (HRIS) solutions help businesses manage multiple facets of their...

Best Managed Service Providers...

In today's business world, managed services are more critical than ever. They can...